我如何才能批准处于“拒绝”状态的 CSR?
How can I do this to approve a CSR in the Denied state?
查看节点状态:kubectl get csr
[root@kube1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c 150m system:bootstrap:gn5vla Pending
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg 150m system:bootstrap:xay6t6 Pending
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ 150m system:bootstrap:v1g4p2 Pending
执行拒绝:
kubectl get csr | grep Pending| awk '{print }' | xargs kubectl certificate deny
再次查看节点状态:kubectl get csr
[root@kube1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c 150m system:bootstrap:gn5vla Denied
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg 150m system:bootstrap:xay6t6 Denied
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ 150m system:bootstrap:v1g4p2 Denied
我如何才能批准处于拒绝状态的 CSR?
简短的回答,你不能。拒绝 CSR 后,您需要发布新的 CSR 并在需要时批准它。如果您不想在此处看到被拒绝的 CSR,您可以删除它们:
kubectl delete csr <csr-name>
查看节点状态:kubectl get csr
[root@kube1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c 150m system:bootstrap:gn5vla Pending
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg 150m system:bootstrap:xay6t6 Pending
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ 150m system:bootstrap:v1g4p2 Pending
执行拒绝:
kubectl get csr | grep Pending| awk '{print }' | xargs kubectl certificate deny
再次查看节点状态:kubectl get csr
[root@kube1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr--jJF_sRckTdhoqAOYB4fEaA06Juwv32d1RFwzcbbE0c 150m system:bootstrap:gn5vla Denied
node-csr-KMkTDLPqhj52YxZFS8vEOiqMt1NXVEcYvmvUJAhxhwg 150m system:bootstrap:xay6t6 Denied
node-csr-bv18tH4pK-xq7Ekwv0IuzD4CcBuvKjjdonBjpKqHuPQ 150m system:bootstrap:v1g4p2 Denied
我如何才能批准处于拒绝状态的 CSR?
简短的回答,你不能。拒绝 CSR 后,您需要发布新的 CSR 并在需要时批准它。如果您不想在此处看到被拒绝的 CSR,您可以删除它们:
kubectl delete csr <csr-name>